package com.lvcoding.oauth2.resource.jwt.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;
import java.util.Collections;

/**
 * @author wuyanshen
 * @description 资源服务器配置
 * @date 2022-02-17 下午5:01
 */
@EnableResourceServer // 开启资源服务器
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
                .authorizeRequests()
                .antMatchers("/error").permitAll()
                .anyRequest().authenticated()
                .and()
                .cors(Customizer.withDefaults());
        // @formatter:on
    }

    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOriginPatterns(Collections.singletonList("*"));
        // configuration.addAllowedOrigin("*");//修改为添加而不是设置，* 最好改为实际的需要，我这是非生产配置，所以粗暴了一点
        configuration.addAllowedMethod("*");//修改为添加而不是设置
        configuration.addAllowedHeader("*");//这里很重要，起码需要允许 Access-Control-Allow-Origin
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }


    // @Override
    // public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
    //     resources.tokenServices(this.tokenServices());
    // }


    /**
     * 与application.yml的配置效果相同，选一种即可
     *
     * 资源服务器oauth2配置
     * security:
     *   oauth2:
     *     # 该资源服务器的客户端id和秘钥
     *     client:
     *       client-id: test
     *       client-secret: test
     *     resource:
     *       # 资源服务器配置校验token的端点
     *       token-info-uri: http://localhost:6001/oauth/check_token
     *
     */
    // public ResourceServerTokenServices tokenServices() {
    //     RemoteTokenServices services = new RemoteTokenServices();
    //     services.setCheckTokenEndpointUrl("http://localhost:6001/oauth/check_token");
    //     services.setClientId("test");
    //     services.setClientSecret("test");
    //     return services;
    // }
}
